Whenever I have to reboot my modem [sic] at home, I typically get a new IP address from my ISP.
When that happens, I need to update iptables to allow my new address to connect to the SSH port (port 22) of my jump box (which, fortunately, I have access to from another IP address):
iptables -A INPUT -p tcp -m state --state NEW -s [new IP address] --dport 22 -j ACCEPT
But I don’t want to leave the old entry. How do I get rid of it?
The delete (-D) and replace (-R) options require a line number from the chain (e.g. the INPUT chain). To find the line numbers:
iptables -L INPUT --line-numbers
To delete the existing rule and add the new rule:
iptables -D INPUT [line number]
iptables -A INPUT -p tcp -m state --state NEW --dport 22 -s [new IP address] -j ACCEPT
To replace the existing entry:
iptables -R INPUT [line number] -p tcp -m state --state NEW --dport 22 -s [new IP address] -j ACCEPT
Save the updates so they are persistent:
iptables-save > /etc/iptables/rules.v4
(That’s the location for Debian and Ubuntu. This may be different for your distribution.)
On CentOS 6 (and CentOS 7, if you installed and are using iptables instead of firewalld), save the rules to /etc/sysconfig/iptables, e.g.:
iptables-save > /etc/sysconfig/iptables
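Finding the line number by eye each time is error-prone, so here is an added example (my own script, not part of the original post) that does the lookup from the output of iptables -L INPUT -n --line-numbers and prints the -R and iptables-save commands to run. The -n flag keeps addresses and ports numeric so the match works on the raw values; the listing below is a constructed sample, not output from a real host, and 203.0.113.10 / 198.51.100.7 are documentation addresses standing in for the old and new ISP address.

```shell
#!/bin/sh
# Constructed sample of `iptables -L INPUT -n --line-numbers` output (not from a real host).
SAMPLE_LISTING='Chain INPUT (policy DROP)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
2    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
3    ACCEPT     tcp  --  203.0.113.10         0.0.0.0/0            state NEW tcp dpt:22
4    DROP       all  --  0.0.0.0/0            0.0.0.0/0'

# find_rule_line LISTING SOURCE_IP PORT
# Prints the rule number of the ACCEPT rule for tcp traffic from SOURCE_IP to PORT
# (matching a whole "dpt:PORT" field, so dpt:22 does not match dpt:2222).
# Exit status is 1 when no such rule exists.
find_rule_line() {
    printf '%s\n' "$1" | awk -v ip="$2" -v port="$3" '
        $2 == "ACCEPT" && $3 == "tcp" && $5 == ip {
            for (i = 7; i <= NF; i++)
                if ($i == "dpt:" port) { print $1; found = 1; exit }
        }
        END { exit (found ? 0 : 1) }'
}

# build_update_cmds LISTING OLD_IP NEW_IP
# Prints (does not execute) the commands that replace OLD_IP with NEW_IP in the
# port-22 ACCEPT rule, keeping the rule at its current position in the chain.
# Review the output, then run it as root or pipe it into sh.
build_update_cmds() {
    listing=$1; old_ip=$2; new_ip=$3
    num=$(find_rule_line "$listing" "$old_ip" 22) || {
        echo "no port-22 ACCEPT rule for $old_ip found in INPUT; nothing to replace" >&2
        return 1
    }
    printf 'iptables -R INPUT %s -p tcp -m state --state NEW -s %s --dport 22 -j ACCEPT\n' \
        "$num" "$new_ip"
    # Debian/Ubuntu path from the post; use /etc/sysconfig/iptables on CentOS.
    printf 'iptables-save > /etc/iptables/rules.v4\n'
}

# Demo on the constructed listing: swap the old address for the new one.
build_update_cmds "$SAMPLE_LISTING" 203.0.113.10 198.51.100.7
```

On a live host, feed the function the real listing with `build_update_cmds "$(iptables -L INPUT -n --line-numbers)" OLD NEW`. Using -R rather than -D followed by -A matters when the chain ends in a DROP or REJECT rule: -A appends after that final rule, where the new ACCEPT would never be reached, while -R keeps the rule in its existing slot. Running the replace only after the lookup succeeds also avoids accidentally replacing an unrelated rule when the old entry has already been removed.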